/**
* A generalized method for performing a password change
* @access public
* @param data array - A 1 deminisonal array focused in the user data
* @return array
*/
public function changePassword($data)
{
$this->create();
//Create a salt value for the user
$salt = Sec::makeSalt();
//Load salt into the data array
$data['salt'] = $salt;
$data['temp_password'] = $data['password'];
//Hash the password and its verifcation then load it into the data array
$data['password'] = Sec::hashPassword($data['password'], $salt);
$data['verify_password'] = Sec::hashPassword($data['verify_password'], $salt);
//set expiration date for the password
$data['password_expires'] = date("Y-m-d H:i:s", strtotime("+".Configure::read('Password.expiration')." Days"));
//Clear out any password reset request tokens along with a successfull password reset
$data['password_reset_token'] = null;
$data['password_reset_token_expiry'] = null;
//Try to save the new user record
if($this->save($data)){
$_SESSION['Auth']['User']['password_expires'] = $data['password_expires'];
return array('password' => $data['password'], 'salt' => $data['salt']);
}else{
return array();
}
}
/**
* The result of makeSalt() MUST NOT ever yeild the same results twice
*
* @return void
* @access public
*/
public function testMakeSaltAmbiguity() {
$hash1 = Sec::makeSalt();
$hash2 = Sec::makeSalt();
$this->assertNotEqual($hash1, $hash2);
}
